Codebase list python-castellan / 8e88919
Removes context "validation". The Vault backend doesn't really care about context. Even an empty string would suffice these checks. Change-Id: I1c0d00675a479cf05d92cec7b69fd720a88023d3 Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com> Moisés Guimarães de Medeiros 4 years ago
3 changed file(s) with 4 addition(s) and 80 deletion(s).
204204 expiration=None, name=None):
205205 """Creates an asymmetric key pair."""
206206
207 # Confirm context is provided, if not raise forbidden
208 if not context:
209 msg = _("User is not authorized to use key manager.")
210 raise exception.Forbidden(msg)
211
212207 if algorithm.lower() != 'rsa':
213208 raise NotImplementedError(
214209 "VaultKeyManager only implements rsa keys"
280275 def create_key(self, context, algorithm, length, name=None, **kwargs):
281276 """Creates a symmetric key."""
282277
283 # Confirm context is provided, if not raise forbidden
284 if not context:
285 msg = _("User is not authorized to use key manager.")
286 raise exception.Forbidden(msg)
287
288278 if length % 8:
289279 msg = _("Length must be multiple of 8.")
290280 raise ValueError(msg)
302292 def store(self, context, key_value, **kwargs):
303293 """Stores (i.e., registers) a key with the key manager."""
304294
305 # Confirm context is provided, if not raise forbidden
306 if not context:
307 msg = _("User is not authorized to use key manager.")
308 raise exception.Forbidden(msg)
309
310295 key_id = uuid.uuid4().hex
311296 return self._store_key_value(key_id, key_value)
312297
313298 def get(self, context, key_id, metadata_only=False):
314299 """Retrieves the key identified by the specified id."""
315
316 # Confirm context is provided, if not raise forbidden
317 if not context:
318 msg = _("User is not authorized to use key manager.")
319 raise exception.Forbidden(msg)
320300
321301 if not key_id:
322302 raise exception.KeyManagerError('key identifier not provided')
358338 def delete(self, context, key_id):
359339 """Represents deleting the key."""
360340
361 # Confirm context is provided, if not raise forbidden
362 if not context:
363 msg = _("User is not authorized to use key manager.")
364 raise exception.Forbidden(msg)
365
366341 if not key_id:
367342 raise exception.KeyManagerError('key identifier not provided')
368343
374349
375350 def list(self, context, object_type=None, metadata_only=False):
376351 """Lists the managed objects given the criteria."""
377
378 # Confirm context is provided, if not raise forbidden
379 if not context:
380 msg = _("User is not authorized to use key manager.")
381 raise exception.Forbidden(msg)
382352
383353 if object_type and object_type not in self._secret_type_dict:
384354 msg = _("Invalid secret type: %s") % object_type
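Review bot: With the guard removed, `context` is no longer read in the visible parts of create_key_pair, create_key, store, get, delete and list, and none of their one-line docstrings says so. The removed check only tested truthiness, so it never established who the caller was, but callers that relied on `exception.Forbidden` for a missing context will now reach the backend; presumably access is then decided only by the Vault credentials the key manager is configured with. I would say that in each docstring, for example `"""Stores (i.e., registers) a key with the key manager. The context argument is accepted for interface compatibility and is not used for authorization."""`, and call out the behaviour change in the release notes. The method bodies continue outside the displayed hunks, so any later use of `context` is not visible here.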
7676 def setUp(self):
7777 super(KeyManagerTestCase, self).setUp()
7878 self.key_mgr = self._create_key_manager()
79 self.ctxt = None
7980
8081 def _get_valid_object_uuid(self, managed_object):
8182 object_uuid = self.key_mgr.store(self.ctxt, managed_object)
1414
1515 Note: This requires local running instance of Vault.
1616 """
17 import abc
1817 import os
1918 import uuid
2019
2120 from oslo_config import cfg
22 from oslo_context import context
2321 from oslo_utils import uuidutils
2422 from oslotest import base
2523 import requests
3331 CONF = config.get_config()
3432
3533
36 class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
34 class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase,
35 base.BaseTestCase):
3736 def _create_key_manager(self):
3837 key_mgr = vault_key_manager.VaultKeyManager(cfg.CONF)
3938
4544 key_mgr._vault_url = os.environ['VAULT_TEST_URL']
4645 return key_mgr
4746
48 @abc.abstractmethod
49 def get_context(self):
50 """Retrieves Context for Authentication"""
51 return
52
53 def setUp(self):
54 super(VaultKeyManagerTestCase, self).setUp()
55 self.ctxt = self.get_context()
56
57 def tearDown(self):
58 super(VaultKeyManagerTestCase, self).tearDown()
59
60 def test_create_null_context(self):
61 self.assertRaises(exception.Forbidden,
62 self.key_mgr.create_key, None, 'AES', 256)
63
64 def test_create_key_pair_null_context(self):
65 self.assertRaises(exception.Forbidden,
66 self.key_mgr.create_key_pair, None, 'RSA', 2048)
67
6847 def test_create_key_pair_bad_algorithm(self):
6948 self.assertRaises(
7049 NotImplementedError,
7251 self.ctxt, 'DSA', 2048
7352 )
7453
75 def test_delete_null_context(self):
76 key_uuid = self._get_valid_object_uuid(
77 test_key_manager._get_test_symmetric_key())
78 self.addCleanup(self.key_mgr.delete, self.ctxt, key_uuid)
79 self.assertRaises(exception.Forbidden,
80 self.key_mgr.delete, None, key_uuid)
81
8254 def test_delete_null_object(self):
8355 self.assertRaises(exception.KeyManagerError,
8456 self.key_mgr.delete, self.ctxt, None)
85
86 def test_get_null_context(self):
87 key_uuid = self._get_valid_object_uuid(
88 test_key_manager._get_test_symmetric_key())
89 self.addCleanup(self.key_mgr.delete, self.ctxt, key_uuid)
90 self.assertRaises(exception.Forbidden,
91 self.key_mgr.get, None, key_uuid)
9257
9358 def test_get_null_object(self):
9459 self.assertRaises(exception.KeyManagerError,
9863 bad_key_uuid = uuidutils.generate_uuid()
9964 self.assertRaises(exception.ManagedObjectNotFoundError,
10065 self.key_mgr.get, self.ctxt, bad_key_uuid)
101
102 def test_store_null_context(self):
103 key = test_key_manager._get_test_symmetric_key()
104
105 self.assertRaises(exception.Forbidden,
106 self.key_mgr.store, None, key)
107
108
109 class VaultKeyManagerOSLOContextTestCase(VaultKeyManagerTestCase,
110 base.BaseTestCase):
111 def get_context(self):
112 return context.get_admin_context()
11366
11467
11568 TEST_POLICY = '''
12780 APPROLE_ENDPOINT = 'v1/auth/approle/role/{role_name}'
12881
12982
130 class VaultKeyManagerAppRoleTestCase(VaultKeyManagerOSLOContextTestCase):
83 class VaultKeyManagerAppRoleTestCase(VaultKeyManagerTestCase):
13184
13285 mountpoint = 'secret'
13386
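Review bot: With the `*_null_context` tests deleted, no test in this file states that a missing context is accepted on purpose; it is only exercised implicitly, because the base setUp in the other test file now sets `self.ctxt = None`. A small explicit test next to test_delete_null_object would pin the new contract: store a key from `test_key_manager._get_test_symmetric_key()` with `None` as the context, assert that a key id comes back, and register the delete with `addCleanup`. It would also fail visibly if a context check were reintroduced later. The file also no longer runs any case with a real oslo context, so if the backend ever starts reading `context`, that path has no coverage here.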